CVE-2023-22955 – AudioCodes VoIP desk phones through version 3.4... (How to Fix)

Q: What is the severity of CVE-2023-22955?

CVE-2023-22955 has a CVSS score of 7.8 (HIGH). AudioCodes VoIP desk phones through version 3.4.4.1000 have insufficient firmware validation that only uses simple checksums. This allows attackers who can calculate and place the correct checksums to install malicious firmware on affected devices. Organizations using these phones are vulnerable to firmware compromise.

📋 TL;DR

AudioCodes VoIP desk phones through version 3.4.4.1000 have insufficient firmware validation that only uses simple checksums. This allows attackers who can calculate and place the correct checksums to install malicious firmware on affected devices. Organizations using these phones are vulnerable to firmware compromise.

💻 Affected Systems

Products:

AudioCodes VoIP desk phones

Versions: Through 3.4.4.1000

Operating Systems: Embedded phone firmware

Default Config Vulnerable: ⚠️ Yes

Notes: All devices running affected firmware versions are vulnerable by default.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise allowing persistent backdoor installation, call interception, credential theft, and lateral movement within the VoIP network.

🟠

Likely Case

Attacker gains persistent access to phone systems for eavesdropping, call manipulation, or using phones as footholds for network attacks.

🟢

If Mitigated

Limited impact if network segmentation prevents lateral movement and monitoring detects anomalous firmware activity.

🌐 Internet-Facing: MEDIUM - Phones directly exposed to internet could be targeted, but exploitation requires specific firmware manipulation knowledge.

🏢 Internal Only: HIGH - Internal attackers or compromised internal systems could exploit this to establish persistent footholds in VoIP infrastructure.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires knowledge of checksum calculation and firmware structure, but detailed technical information is publicly available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after 3.4.4.1000

Vendor Advisory: https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-055.txt

Restart Required: Yes

Instructions:

1. Contact AudioCodes for updated firmware. 2. Download and verify firmware from official sources. 3. Deploy firmware update to all affected phones. 4. Reboot phones after update.

🔧 Temporary Workarounds

Network segmentation

all

Isolate VoIP phones on separate VLAN with strict firewall rules limiting communication to necessary services only.

Firmware integrity monitoring

all

Implement monitoring to detect unauthorized firmware changes or checksum mismatches.

🧯 If You Can't Patch

Implement strict network access controls to prevent unauthorized access to phone management interfaces
Monitor for unusual firmware update activity and checksum validation failures

🔍 How to Verify

Check if Vulnerable:

Check phone firmware version via web interface or phone menu. If version is 3.4.4.1000 or earlier, device is vulnerable.

Check Version:

Check via phone web interface at http://[phone-ip]/ or through phone menu system

Verify Fix Applied:

Verify firmware version is newer than 3.4.4.1000 and confirm checksum validation includes cryptographic signatures.

📡 Detection & Monitoring

Log Indicators:

Unexpected firmware update events
Checksum validation failures
Unauthorized access to firmware update endpoints

Network Indicators:

Unusual firmware download traffic patterns
Unauthorized connections to phone management ports

SIEM Query:

source="voip-phones" AND (event_type="firmware_update" OR checksum_failure="true")

📊 Metadata

CVE ID: CVE-2023-22955

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-345

Published: August 11, 2023

Last Updated: April 17, 2025

🔗 References

http://packetstormsecurity.com/files/174214/AudioCodes-VoIP-Phones-Insufficient-Firmware-Validation.html Third Party Advisory,VDB Entry
http://seclists.org/fulldisclosure/2023/Aug/17 Mailing List,Third Party Advisory
https://syss.de Not Applicable
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-055.txt Exploit,Vendor Advisory
http://packetstormsecurity.com/files/174214/AudioCodes-VoIP-Phones-Insufficient-Firmware-Validation.html Third Party Advisory,VDB Entry
http://seclists.org/fulldisclosure/2023/Aug/17 Mailing List,Third Party Advisory
https://syss.de Not Applicable
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-055.txt Exploit,Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-22955, you might also want to check these: